From version 30.1
edited by Pål-Eirik Askerød
on 2017/10/19 11:36
To version 30.2
edited by Pål-Eirik Askerød
on 2017/10/24 12:17
Change comment: There is no comment for this version

Summary

Details

Page properties
Content
... ... @@ -137,7 +137,7 @@
137 137  
138 138  **P-2 PAN**
139 139  
140 -Personal Account Number, identifies the card.Only mandatory for Manual PAN transactions (replacement for Track2Data P35)
140 +Personal Account Number, identifies the card. Only mandatory for Manual PAN transactions (replacement for Track2Data P35)
141 141  
142 142  **P-3 PROCESSING CODE**
143 143  
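Review bot: On the changed line 140 the expansion still reads "Personal Account Number"; ISO 8583 names field 2 the Primary Account Number, so correct it while this line is being touched. The reference "P35" on the same line drops the hyphen used by the headings in this hunk ("P-2", "P-3"); write "P-35" for consistency.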
... ... @@ -226,16 +226,7 @@
226 226  b) Original amount reconciliation, n 12.
227 227  Absence of data shall be indicated by zeroes. These parts shall be used when attempting to perform a partial approval and shall contain the original amounts.
228 228  
229 -**P-32 ACQUIRING INSTITUTION IDENTIFICATION CODE**
230 230  
231 -ISO 3166 - numeric country code of country where the POS transaction took place.
232 -
233 -ISO numeric country code
234 -578 - Norway
235 -208 - Sweden
236 -??? - Danmark
237 -??? - Finland
238 -
239 239  **P-33 FORWARDING INSTITUTION IDENTIFICATION CODE**
240 240  
241 241  10 digit code identifying the 3rd patry host. Each 3rd party integrated with PayEx will be assigned a unique code that they are to use in all messages where P-33 is specified.
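Review bot: Removing lines 229-237 leaves the specification with no definition of P-32, and the change comment gives no reason. If P-32 is no longer sent, say so where the section stood. If it is still used, replace the text rather than delete it, since the removed description (an ISO 3166 country code, with "???" for Danmark and Finland) did not match the heading "ACQUIRING INSTITUTION IDENTIFICATION CODE". The removal also leaves two consecutive blank lines (228 and 230), and "3rd patry" on context line 241 is still misspelled.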
... ... @@ -340,25 +340,38 @@
340 340  All transactions are in local currency, as defined during system installation. Actual value is as defined by ISO 4217.
341 341  
342 342  **P-52 PIN DATA**
343 -ISO 9564-1 format 0 PIN block encrypted with ZKA MK/SK PAC.
334 +ISO 9564-1 format 0 PIN block encrypted with PIN encryption key.
344 344  
345 345  
346 346  **P-53 SECURITY RELATED CONTROL INFORMATION**
347 347  
348 -|=Element|=Name|=Format|=Attribute|=Description
349 -|53| |n|2|LLVAS lenght field
350 -|53-1|Master key generation number|n|1|Identifies the master key generation
351 -|53-2|Key version of master key|n|1|Identifes the key version
352 -|53-3|MAC random value|b|16|ZKA MAC random valuse
353 -|53-4|PAC random value|b|16|ZKA PAC random valuse. Zero filled if no PIN block in the message
339 +(% style="width:1468px" %)
340 +|=Element|=Name|=Format|=Attribute|=(% style="width: 731px;" %)Description
341 +|53| |n|2|(% style="width:731px" %)LLVAR length field
342 +|53-1|Master key generation number|n|1|(% style="width:731px" %)Identifies the master key generation. **Currently NOT supported**
343 +|53-2|Key version of master key|n|1|(% style="width:731px" %)Identifies the key version. **Currently NOT supported**
344 +|53-3|MAC random value|b|16|(% style="width:731px" %)ZKA MAC random value. **Currently NOT supported**
345 +|53-4|PAC random value|b|16|(% style="width:731px" %)(((
346 +ZKA PAC random value. Zero filled if no PIN block in the message. **Currently NOT supported**
347 +)))
348 +|53-5|Data encryption random value|b|16|(% style="width:731px" %)ZKA Data encryption random value. **Currently NOT supported**
349 +|53-6|H2H Key version|n|2|(% style="width:731px" %)Version of keys shared by PayEx with 3rd party.
354 354  
351 +**ZKA scheme (Currently not supported)**
352 +
355 355  PayEx defines the value of 53-1 and 53-2. Note that a set of different values are defined for both TEST and LIVE, and is unique for every third party (host).
356 356  
357 357  For optimal security it is a good practice to use different random values for the MAC and PAC. However the security impact of having the same random number for PAC and MAC is very limited. Especially because in the MK/SK security scheme an XOR of the Master key with a fixed Control Mask is done, where the Control Mask value is different for PIN and MAC. So even if the MAC session key would be compromised the PIN session key still cannot be determined even when the same random number is used.
358 358  
359 -Important is to assure that different random numbers are used for every transaction.
357 +It is important to assure that different random numbers are used for every transaction.
360 360  
361 361  
360 +**PayEx shared key scheme**
361 +
362 +PayEx supplies key version to be sent in 53-6. This scheme defines 3 different keys for MAC, PIN and Data encryption which will be shared between PayEx and 3rd party.
363 +
364 +**~ **
365 +
362 362  **P-56 ORIGINAL DATA ELEMENTS**
363 363  
364 364  Data elements of original transaction which contains the original “message identifier”, original “STAN” and original “date and time – local transaction”. This must be present if the message is preceded by an 1100 Authorisation Request, it can be omitted if the message is as a result of a store and forward transaction.
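Review bot: Rows 53-1 to 53-5 are now marked "Currently NOT supported", but the table does not say what a 3rd party must put in those fixed-length positions; only 53-4 mentions zero fill, and only for the case with no PIN block. State the required filler for each unsupported element, and say what the length in row 53 covers now that 53-5 and 53-6 are added. The new P-52 wording "PIN encryption key" and the "PayEx shared key scheme" paragraph name three shared keys but give no algorithm, key length or rule tying a key set to the 53-6 version, and the per-transaction uniqueness that the ZKA paragraph asks for is not addressed for the shared keys. New line 364 also adds a stray "**~ **" that should be dropped.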